author | Max Khon <fjoe@samodelkin.net> | 2017-02-06 23:40:51 +0600 |
---|---|---|
committer | Jay Satiro <raysatiro@yahoo.com> | 2017-02-20 00:53:01 -0500 |
commit | f77dabefd80b05173e602de94865b5cdffb3495e (patch) | |
tree | a5c37a704433f7787765b0d4bb20ee76e20ed4b7 /tests/data/test1286 | |
parent | 889ca45ab896cc88b28bb9cc651f0bc1a8e54bc3 (diff) |
digest_sspi: Fix nonce-count generation in HTTP digest
- on the first invocation: keep security context returned by
InitializeSecurityContext()
- on subsequent invocations: use MakeSignature() instead of
InitializeSecurityContext() to generate HTTP digest response
Bug: https://github.com/curl/curl/issues/870
Reported-by: Andreas Roth
Closes https://github.com/curl/curl/pull/1251
Diffstat (limited to 'tests/data/test1286')
-rw-r--r-- | tests/data/test1286 | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/tests/data/test1286 b/tests/data/test1286
new file mode 100644
index 000000000..41782cb0f
--- /dev/null
+++ b/tests/data/test1286
@@ -0,0 +1,110 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+HTTP Digest auth
+followlocation
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data>
+HTTP/1.1 401 authentication please swsbounce
+Server: Microsoft-IIS/6.0
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604144", qop="auth"
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 0
+
+</data>
+<data1000>
+HTTP/1.1 302 Thanks for this, but we want to redir you!
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+Location: /12860001
+Content-Length: 0
+
+</data1000>
+<data1001>
+HTTP/1.1 404 Not Found
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 0
+
+</data1001>
+
+<datacheck>
+HTTP/1.1 401 authentication please swsbounce
+Server: Microsoft-IIS/6.0
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604144", qop="auth"
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 0
+
+HTTP/1.1 302 Thanks for this, but we want to redir you!
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+Location: /12860001
+Content-Length: 0
+
+HTTP/1.1 404 Not Found
+Server: Microsoft-IIS/5.0
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 0
+
+</datacheck>
+
+</reply>
+
+# Client-side
+<client>
+#
+<server>
+http
+</server>
+<features>
+crypto
+</features>
+<name>
+HTTP GET --digest increasing nonce-count
+</name>
+# This test is to ensure the nonce-count (nc) increases
+# https://github.com/curl/curl/pull/1251
+<command>
+-u auser:apasswd --location --digest http://%HOSTIP:%HTTPPORT/1286
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+# Reorder the fields in 'Authorization: Digest' header.
+# Since regular and SSPI digest auth header fields may not have the same order
+# or whitespace we homogenize so that both may be tested. Also:
+# - Remove the unique value from cnonce if in RFC format
+# - Remove the unique value from response if in RFC format
+# - Remove quotes from qop="auth" used by SSPI
+# The if statement is one line because runtests evaluates one line at a time.
+<strippart>
+if(s/^(Authorization: Digest )([^\r\n]+)(\r?\n)$//) { $_ = $1 . join(', ', map { s/^(cnonce=)"[a-zA-Z0-9+\/=]+"$/$1REMOVED/; s/^(response=)"[a-f0-9]{32}"$/$1REMOVED/; s/^qop="auth"$/qop=auth/; $_ } sort split(/, */, $2)) . $3; }
+</strippart>
+<protocol>
+GET /1286 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+GET /1286 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Authorization: Digest cnonce=REMOVED, nc=00000001, nonce="1053604144", qop=auth, realm="testrealm", response=REMOVED, uri="/1286", username="auser"
+Accept: */*
+
+GET /12860001 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Authorization: Digest cnonce=REMOVED, nc=00000002, nonce="1053604144", qop=auth, realm="testrealm", response=REMOVED, uri="/12860001", username="auser"
+Accept: */*
+
+</protocol>
+</verify>
+</testcase> |
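Review bot: The `<strippart>` rule rewrites both `cnonce` and `response` to `REMOVED`, so the `<protocol>` section pins only the `nc=00000001` to `nc=00000002` sequence under the reused `nonce="1053604144"`; a wrongly computed digest on the second request would still pass this test. That is hard to avoid while the cnonce is unique per run, but the limit is worth stating beside the existing comment block, e.g. `# Note: response= and cnonce= are stripped, so this test checks nc sequencing only, not digest correctness.` Separately, `split(/, */, $2)` splits on every comma, which is fine for the values used here but would mis-split a quoted field containing a comma if this rule is copied to a test with a different realm or URI. It may also help to say in the `nc` comment why the count matters: a server that tracks nonce-count for replay detection would presumably reject a repeated `nc=00000001` under the same nonce.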